// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package synapse

import (
	"fmt"
	"log"
	"time"

	"github.com/Azure/azure-sdk-for-go/services/preview/synapse/mgmt/v2.0/synapse" // nolint: staticcheck
	"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
	"github.com/hashicorp/terraform-provider-azurerm/internal/services/synapse/parse"
	"github.com/hashicorp/terraform-provider-azurerm/internal/services/synapse/validate"
	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
	"github.com/hashicorp/terraform-provider-azurerm/internal/timeouts"
	"github.com/hashicorp/terraform-provider-azurerm/utils"
)

func resourceSynapseSqlPoolVulnerabilityAssessmentBaseline() *pluginsdk.Resource {
	return &pluginsdk.Resource{
		Create: resourceSynapseSqlPoolVulnerabilityAssessmentBaselineCreateUpdate,
		Read:   resourceSynapseSqlPoolVulnerabilityAssessmentBaselineRead,
		Update: resourceSynapseSqlPoolVulnerabilityAssessmentBaselineCreateUpdate,
		Delete: resourceSynapseSqlPoolVulnerabilityAssessmentBaselineDelete,

		Timeouts: &pluginsdk.ResourceTimeout{
			Create: pluginsdk.DefaultTimeout(30 * time.Minute),
			Read:   pluginsdk.DefaultTimeout(5 * time.Minute),
			Update: pluginsdk.DefaultTimeout(30 * time.Minute),
			Delete: pluginsdk.DefaultTimeout(30 * time.Minute),
		},

		Importer: pluginsdk.ImporterValidatingResourceId(func(id string) error {
			_, err := parse.SqlPoolVulnerabilityAssessmentBaselineID(id)
			return err
		}),

		Schema: map[string]*pluginsdk.Schema{
			"name": {
				Type:         pluginsdk.TypeString,
				Required:     true,
				ValidateFunc: validation.StringIsNotEmpty,
			},

			"sql_pool_vulnerability_assessment_id": {
				Type:         pluginsdk.TypeString,
				Required:     true,
				ForceNew:     true,
				ValidateFunc: validate.SqlPoolVulnerabilityAssessmentID,
			},

			"rule_name": {
				Type:         pluginsdk.TypeString,
				Required:     true,
				ValidateFunc: validation.StringIsNotEmpty,
			},

			"baseline": {
				Type:     pluginsdk.TypeList,
				Optional: true,
				Elem: &pluginsdk.Resource{
					Schema: map[string]*pluginsdk.Schema{
						"result": {
							Type:     pluginsdk.TypeList,
							Required: true,
							Elem: &pluginsdk.Schema{
								Type: pluginsdk.TypeString,
							},
						},
					},
				},
			},
		},
	}
}

func resourceSynapseSqlPoolVulnerabilityAssessmentBaselineCreateUpdate(d *pluginsdk.ResourceData, meta interface{}) error {
	client := meta.(*clients.Client).Synapse.SQLPoolVulnerabilityAssessmentRuleBaselinesClient
	ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
	defer cancel()

	vulnerabilityAssessmentId, err := parse.SqlPoolVulnerabilityAssessmentID(d.Get("sql_pool_vulnerability_assessment_id").(string))
	if err != nil {
		return err
	}

	id := parse.NewSqlPoolVulnerabilityAssessmentBaselineID(vulnerabilityAssessmentId.SubscriptionId, vulnerabilityAssessmentId.ResourceGroup,
		vulnerabilityAssessmentId.WorkspaceName, vulnerabilityAssessmentId.SqlPoolName, vulnerabilityAssessmentId.VulnerabilityAssessmentName, d.Get("rule_name").(string), d.Get("name").(string))

	if d.IsNewResource() {
		existing, err := client.Get(ctx, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.RuleName, synapse.VulnerabilityAssessmentPolicyBaselineName(id.BaselineName))
		if err != nil {
			if !utils.ResponseWasNotFound(existing.Response) {
				return fmt.Errorf("checking for existing %s: %+v", id, err)
			}
		}
		if !utils.ResponseWasNotFound(existing.Response) {
			return tf.ImportAsExistsError("azurerm_synapse_sql_pool_vulnerability_assessment_baseline", id.ID())
		}
	}

	parameters := synapse.SQLPoolVulnerabilityAssessmentRuleBaseline{
		SQLPoolVulnerabilityAssessmentRuleBaselineProperties: &synapse.SQLPoolVulnerabilityAssessmentRuleBaselineProperties{
			BaselineResults: expandSQLPoolVulnerabilityAssessmentRuleBaselineSQLPoolVulnerabilityAssessmentRuleBaselineItemArray(d.Get("baseline").([]interface{})),
		},
	}
	if _, err := client.CreateOrUpdate(ctx, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.RuleName, synapse.VulnerabilityAssessmentPolicyBaselineName(id.BaselineName), parameters); err != nil {
		return fmt.Errorf("creating/updating %s: %+v", id, err)
	}

	d.SetId(id.ID())

	return resourceSynapseSqlPoolVulnerabilityAssessmentBaselineRead(d, meta)
}

func resourceSynapseSqlPoolVulnerabilityAssessmentBaselineRead(d *pluginsdk.ResourceData, meta interface{}) error {
	client := meta.(*clients.Client).Synapse.SQLPoolVulnerabilityAssessmentRuleBaselinesClient
	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
	defer cancel()

	id, err := parse.SqlPoolVulnerabilityAssessmentBaselineID(d.Id())
	if err != nil {
		return err
	}

	resp, err := client.Get(ctx, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.RuleName, synapse.VulnerabilityAssessmentPolicyBaselineName(id.BaselineName))
	if err != nil {
		if utils.ResponseWasNotFound(resp.Response) {
			log.Printf("[INFO] synapse %s does not exist - removing from state", id)
			d.SetId("")
			return nil
		}

		return fmt.Errorf("retrieving %s: %+v", id, err)
	}

	d.Set("name", id.BaselineName)
	d.Set("rule_name", id.RuleName)
	d.Set("sql_pool_vulnerability_assessment_id", parse.NewSqlPoolVulnerabilityAssessmentID(id.SubscriptionId, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.VulnerabilityAssessmentName).ID())
	if props := resp.SQLPoolVulnerabilityAssessmentRuleBaselineProperties; props != nil {
		if err := d.Set("baseline", flattenSQLPoolVulnerabilityAssessmentRuleBaselineSQLPoolVulnerabilityAssessmentRuleBaselineItemArray(props.BaselineResults)); err != nil {
			return fmt.Errorf("setting `baseline`: %+v", err)
		}
	}
	return nil
}

func resourceSynapseSqlPoolVulnerabilityAssessmentBaselineDelete(d *pluginsdk.ResourceData, meta interface{}) error {
	client := meta.(*clients.Client).Synapse.SQLPoolVulnerabilityAssessmentRuleBaselinesClient
	ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d)
	defer cancel()

	id, err := parse.SqlPoolVulnerabilityAssessmentBaselineID(d.Id())
	if err != nil {
		return err
	}

	if _, err = client.Delete(ctx, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.RuleName, synapse.VulnerabilityAssessmentPolicyBaselineName(id.BaselineName)); err != nil {
		return fmt.Errorf("deleting %s: %+v", id, err)
	}

	return nil
}

func expandSQLPoolVulnerabilityAssessmentRuleBaselineSQLPoolVulnerabilityAssessmentRuleBaselineItemArray(input []interface{}) *[]synapse.SQLPoolVulnerabilityAssessmentRuleBaselineItem {
	results := make([]synapse.SQLPoolVulnerabilityAssessmentRuleBaselineItem, 0)
	for _, item := range input {
		v := item.(map[string]interface{})
		results = append(results, synapse.SQLPoolVulnerabilityAssessmentRuleBaselineItem{
			Result: utils.ExpandStringSlice(v["result"].([]interface{})),
		})
	}
	return &results
}

func flattenSQLPoolVulnerabilityAssessmentRuleBaselineSQLPoolVulnerabilityAssessmentRuleBaselineItemArray(input *[]synapse.SQLPoolVulnerabilityAssessmentRuleBaselineItem) []interface{} {
	results := make([]interface{}, 0)
	if input == nil {
		return results
	}

	for _, item := range *input {
		results = append(results, map[string]interface{}{
			"result": utils.FlattenStringSlice(item.Result),
		})
	}
	return results
}
